chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."

I'm a bit confused about how it found malware in compressed and encrypted files, assuming the compression and encryption was the work of the researcher, because such a person would certainly know better than to just repeatedly upload typical, in-the-wild payloads that would match signatures... and then bitch about being blocked. Right?

One would be them running their standard anti-malware through the same notification process as their dmca takedowns. A total non-issue... they just need a new email template.

I remember when the DMCA was being introduced there was plenty of assurance that false claims would not be made because the claimant would be charged with perjury. We get rubbish like the above happening ("filename or a hash value") because the mechanism of dealing with false claims has never been applied so we get a shotgun approach of claims based on a wild guess. Anyone have any ideas about what can be done about it other than saying "I told you so"?

There is that perjury provision but I've never heard of it ever being applied to a single case - it looks like that provision was a bait and switch to get the bill passed but with far too many loopholes to ever be applied.

Aren't there provisions in the DMCA, that if you file knowingly false takedown notices you go on trial for perjury or similar?

So, if the content is not for the issuer to take down, I should think anyone attached to it can file a complaint.

She may also have grounds for unrightful termination of contract, so there should be at least 2 venues for responding to the takedown.

This is referred to as the "giant loophole" provision -- the key words are "knowingly false". Since the process is automated, the people responsible don't know if it's true or false, and likely don't even know about the notice until they receive a response.

That said, there is also a complaints process, and she has followed it. Most people just don't bother.

Complicating this is that the people sending the notice are sending it from a foreign country, and don't claim ownership to the data they're claiming i

If you have programmed a system to act on behalf of a person, you have the responsibility to ensure that the system is able to do its job. The fact that it is automated cannot be a valid excuse, as the only reason you issue the take-down (or the system issues it for you) is that your system has claimed it true. Ignorance/stupidity/incompetence is, as most judges will explain, no excuse....this needs to be brought before a judge.

Since LeakID now claims ownership of this malware, can't we sue them for all damages it causes?

I think you would have better luck simply demanding that the lawyer responsible go to jail for perjury. Issuing a DMCA take down notice requires that you sign a legal statement that the content is infringing. If it isn't that shows willful dishonesty on the part of LeakID.

This is a masterfully crafted electrum spyware app. All craftsdwarfship is of the highest quality. It is finely colored with dimple dye. It menaces with spikes of cat and is banded with rings of copper.

If the authors aren't named, it's not a valid DMCA complaint. The real problem here is service providers taking down material without a valid complaint.

IIRC, the DMCA provides immunity for a service provider that takes down material pursuant to a valid complaint. That implies that without a valid complaint, there would be a cause for action against the service provider. People need to start suing or there's no incentive for a service provider to obey the law.

Sue the service provider for what? They can take down your content all they want according to the TOS. You can file a suit against the bogus DMCA filer but the service provider can take things down regardless.

Sue the service provider for what? They can take down your content all they want according to the TOS

The trick is you have to pay them. Then they owe you service. If their TOS states that they can take your money and then take down your files at any time, that's a completely one sided contract which aren't typically ruled valid by the courts, even in the corporate USA.

>>That implies that without a valid complaint, there would be a cause for action against the service provider. People need to start suing

Yes. You pay taxes to support the courts. Might as well start using them. Or take the easier action and just file a DMCA response that says the files are not copyrighted. The ISP has to restore the files. If they don't, then sue them.

Or take the easier action and just file a DMCA response that says the files are not copyrighted. The ISP has to restore the files.

As I understand the safe harbor provisions of the DMCA, this is incorrect.

They have a safe harbor from copyright liability if they restore them in response to a proper counter-notice, and if they do not restore them they lose the safe harbor benefit they had with regard to any cause of action the user may have had -- but the DMCA doesn't create a cause of action requiring restor

>>>>>Or take the easier action and just file a DMCA response that says the files are not copyrighted. The ISP has to restore the files. If they don't, then sue them.

>>>>losing the safe harbor benefit with respect to actions by the user is a non-event

First off, how about quoting my WHOLE comment. I said the customer should sue the ISP. Second, I wouldn't call that a "non-event". No company wants to be sued for breach-of-contract, suppression of free speech, abuse of monopoly, a

IIRC, the DMCA provides immunity for a service provider that takes down material pursuant to a valid complaint. That implies that without a valid complaint, there would be a cause for action against the service provider.

This inference is incorrect. The safe harbor provisions of the DMCA protect a service provider (under certain conditions) from copyright liability provided they take down material once they receive a compliant takedown notice, and from any liability they might otherwise face for taking down

There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.

In the absence of any real penalty in the laws for filing false takedown notices, it seems to me that everyone should simply start filing takedown notices on every single thing they find on the net anywhere until the hosting companies realize that it is a total mess, and start demanding more than an automated statement, something like proof, a statement of the work it is supposed to actually violate, etc.

Clearly if these files were compressed and encrypted, any hash or content match was random, and virtually any executable code or encrypted file might trigger a match with whatever engine these take-down artists were using.

Perhaps there is a business opportunity to set up a company in East Timor or some such place that would automatically file a counter notices [wikipedia.org] (putback), which then requires the takedown artists to file suit, or shut up. This puts the cost burden back on them, and at worst case, an improperly accused person has a ten day interruption of availability.

As long as the hollywood darlings are in office I see no chance of this ever being corrected via legislation. The best bet is to get it to topple over of its own weight.

This is happening to a friend of mine who is being stalked. An offshore firm has obtained access to her FB pictures, and filed takedown notices on every single one she has, even the ones from her phone. FB got tired of the DMCA notices (even though there was -zero- copyright liability anywhere) and suspended her account.

I guess the answer is to hold your photo collection offshore and just link to the contents, or have one link to blog, etc.

What's another black eye gonna do? Nothing. FB and the DMCA are both covered top to bottom in bruises, and they stand tall and proud, begging for more, they can take it. Oh well, this is the system we built. The tendency will be to reinforce it. DMCA not working? We need more!

There's a solution for this, just create a law that requires all international DMCA requests to send it through snail mail for processing. An optional online tool should be allowed, but only under an agreement that you're liable under US law for false DMCA requests.

All DMCA requests must be handled under US law. The DMCA is US law. Those foreign companies can't make DMCA requests in a foreign country because US law only applies in the USA, so your counter must also be made under US law (in the USA).

There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.

All easily solved by simply saying that the forum chosen by the plaintiff is inconvenient. It's a simple motion to file in most jurisdictions -- if I live in Texas, and I sue you in New York, you can request the venue (that is, where the court is located, not which laws apply) be changed to New York, as you are the defendant and the burden is on the Plaintiff to prove damages, etc. It's all under the 'innocent until proven guilty' -- and not granting such a motion would prejudice the defense.

Unfortunately, such just and fair legal concepts have been thrown out... and nobody gives a damn. People are busy protesting crap like mortgage defaults, while the judiciary falls apart to the sound of silence.

There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.

The perjury claim is effectively impotent anyway. The ONLY thing you have to attest to under penalty of perjury is that you represent a (not the) rights holder whose work is allegedly infringed. That's any rights holder and any work. If you represent Prince, you can have any file removed from the internet by claiming that it is a copy of Purple Rain, even if you do not have a good faith belief that it is, and you cannot be touched by a perjury charge.

First, you do not need to go to France or some other country to file charges on the firm or person making fallacious DMCA take down claims. It is a US law used to protect copyright owners and when it is used incorrectly, a US court can decide penalties or corrective action.

Second, perjury is not the only penalty associated with fallacious DMCA take downs. Any damages caused by the take down plus legal fees can be recovered in much the same way as and that would be from where the harmed party exists. You wou

You can seek justice in a US court. But you can't collect. Most of the time you can't even collect with a judgement in hand from a US court against a US company. They simply stone wall you. You have zero chance of collecting from a guy working out of a loft in Paris.

You attach to assets they hold like the claimed copyrighted works and report the debt to the credit bureaus so the company has to clear it in order to do business or suffer penalties in trying to do so.

This is why you sue the agent and the owner who will be liable too.

If I was the only person suing, you might have a point. But if everyone who has been wronged by these things sue, then they cannot escape the reality.

You can not "attach" physical assets without the aid of Police. Most Police ignore judgements unless they are very high amounts.

Most financial assets will be kept off shore, out of the reach of US courts. Even if they had US assets, they are not going to tell you about them, and they are not even going to show up before a judge and explain why not. They will simply ignore you.

The only way you get anything is go after them in their own country, and hope the US judgement isn't laughed out of a French court.

They already know it's a mess. They are just using these incompetent services because the big media companies are making that a condition of getting hosting business from the big media companies. You need to find a hoster that does the DMCA takedowns the old fashioned way, by printing them out and putting them in the INBOX of the company lawyer.

Reread the terms, most unfortunately, only part of a proper DMCA takedown notice is made "under penalty of perjury", and it's not the part most of these vandals (with apologies to the Vandals) get wrong.

As AC alluded to, they can only be charged with perjury if they don't have rights to the work they claim is being infringed. If your work is nothing to do with the work they claim is infringed, you have no recourse. So to troll the system all you have to do is have a random copyright on something, and claim everything you see infringes on it.

These organizations and the people/organizations who employ them are already subject to damages and legal fees their take down notices cause. The DMCA does not protect the person making the claim or the accused, just the network operator if certain steps are taken.

a rather simple solution would be to attach a deposit to filing a DMCA notice. if the notice is unchallenged, or eventually goes to court and is won, then the deposit is returned.

if the notice is challenged, and the organization does nothing, then the content is restored and they lose their deposit. or if it goes to court and the challenger loses the case, then they also lose the deposit. maybe even have the deposit automatically be awarded towards the legal fees of the defendant in this case.

LeakID (and/or their client) just claimed copyright over malware. Not just any malware, but targeted malware against a corporation for the intent of theft of intellectual property and unauthorized access of computer systems.

IANAL, but LeakID should then be held liable and responsible for their "copyrighted works".

I wonder if this isn't a good thing to have happening as frequently as it is and to highly visible victims. Maybe some laws will get passed/changed to make automatic detection/takedown illegal. It is hard to send a computer program to jail for fraudulent takedown notices, but if a person or lawyer (are they people?) signs the takedown notices then there is someone to blame and send to jail for fraud.

I guess I don't actually believe what I wrote because I am too cynical of our current corporation/politician

You miss the point. The reason that auto-take-down exists is so that current copyright holders can cut huge swaths through anything they feel "Might" infringe on their copyrights, and therefore should be expunged from the planet as we know it. They care less than a whit about collateral damage, improper take-down, and illegal or immoral applications of the laws they've ramrodded through governments around the world. They want to control the content, and force you and me to pay. If along the way they throw the

Thanks to international copyright agreements, French (and a shitload of other countries') copyrights apply in the US as well. And since you don't have to be a US citizen to take legal action to a US company or citizen under US laws, they can. It's the same reason why a certain Swedish site can be sued for infringement of US copyrights according to Swedish laws. You see it's a trade-off between security and freedom; companies gain security in exchange for citizens losing freedom.

Another question is the Envoy Act, which creates an undersecretary and hundreds of new envoys in embassies to do as Christopher Dodd (former D senator, now MPAA president) requests, would be proposed by Lamarr Smith (R-TX) when presumably, the nation can't afford such things.

Friend, it is true that the Dems are suckling at the Hollywood teat hard and long, but don't you for a moment think that Hollywood won't or doesn't invest in the other side too, because in the end, they have far more interest in getting their agenda passed than who does the passing.

The fact that the files were virus by definition (self-replicating) should void any DMCA rules. That's kind of like pissing from a roof top and charging everyone below for window cleaning services, even if no one wanted it.

Gaiman and Obama had their live streams interrupted by brainless content robots. This guy was kicked off a service by his fellow carbon-based units after some content violations were flagged. Except for the fact that it's all part of the IP wars, there's no parallel at all.

Copyright is generally assumed for any work that benefits society. Can you even claim copyright on something like a virus, or other piece of maulware? I wonder if there's a legal argument that Maulware is profane, and not eligible to begin with. Might be interesting if this line of reasoning is ever pursued.

Not true. That's a paraphrase of the Constitutional language, yes, but there's plenty of copyrightable materials that are of minimal or negative benefit to society: The Turner Diaries, say, or [insert completely crap Hollywood movie here].

And of course anyone might disagree about what is or is not of social benefit, depending on their particular ideological/political/financial/social/etc filters. One person's Ulysses is another's 50 Shades o

Tis just yet another example in the ever growing exhibit hall of reasons not to trust the cloud. If you do not want to bother setting up your own IT services, you should be hiring somebody to set them up for you. The best option is to do it yourself (not rocket science these days) and maintain total control.

There are lots more sob stories coming regarding people and their misplaced trust in cloud services.

In the 1960s and 70s, and even 80s, the idea of centralized computing services shared by many users made a lot of sense. Most people couldn't afford computers or great computing power, nor did they have a need for such resources. The solution was to have a university, lab, or business purchase a big powerful computer and users would use dumb terminals to interact with it. It worked great.

The difference today, is that the "cloud" is being sold as a similar sort of resource when it clearly isn't necessary.

Until there are greater protections for my rights and until the legal system sorts out the details of how I am going to "legally" consume media, the excitement about "the Cloud" will lead me to store my information in "the Drive."

If my company got a DMCA takedown notice that was "on behalf of someone" then we'd tell them to "shove it up their ass." I don't know why mediafire would obey such idiotic semi-anonymous requests other than to look better than megaupload from a legal perspective.

The files were said to be encrypted, so how could anyone identify the files as a violation of copyright? Either someone encrypted the file with a Little Orphan Annie Decoder Ring, or LeakID is throwing false positives in an effort to run up the tab on its customers. I strongly suggest anyone subscribing to LeakID's service seriously review their billing statements.